Saturday, November 15, 2014

Speed Dating Windows SBS 2008/Server 2012 Essentials

I’ve had to up my game at the church-house and start assisting with more regular Windows desktop administration and support.

I’ve been doing it already for some time, but for the most part it has been focused on just some of the physical network items and a few key workstations. I’ve not needed to address the domain/server operations yet.

That changed a few weeks ago when the deacon wearing the primary “network admin” hat decided he wanted to share it with me.

A few logins later and now I’ve been granted full domain admin rights on the Windows server. Nice.

While I have a lot of hands-on time for domain administration and objects/permissions, truth be told, I’ve had very little opportunity to work on the actual Windows servers.

Time to get learning!

After a few hours of recon-work, I had established we are running Windows SBS 2008.

So before I got too crazy with my RDC Win Server work on the live server, I thought it might be good to build a few VM’s with available trial versions. This way I can spend some time looking around and getting the flow of things without worrying about impacting the live server—at least at first.

I decided to play with Windows Server 2012 Essentials as well as SBS 2008 just to compare the differences. I must say I much more like WS 2012 Essentials. It is slick.

The price-point for WS 2012 R2 Essentials is pretty decent too. If I get any more laptops or desktop systems, I might have to seriously consider getting a copy and setting up our own home domain network.

In getting it set up in my VM, I discovered a cool trick from Andrea Matesi to getting MSSE to install as a poor-man’s AV solution. Perfect for this VM-loaded trial.

It took me two tries before I was actually able to get SBS 2008 installed in a VMWare Player session for some reason. The first go, I just could not get the vm to pick up a network driver. Not sure what happened, but the second time it worked fine.

So the first issue I had to address was that although I (my user object) had full permission rights to just about everything, I just could not get either my user account or a few other important ones to map to a Windows network share on the server. Permissions were perfect. It took me a whole day before I figured out some basic foundational items for share permissions in SBS.

Steep learning curve lowered…I discovered it wasn’t enough just to set user domain permission shares to have rights to a folder, I had to go into the SBS Console, select the “Shared Folders and Web Sites” module, then select the folder (share) access was desired on, then change folder permissions to add the SBS user account so they can access it. Once done, I was able to easily map the network share from the local workstation with nary a fuss.

I know…basic stuff…I’ve got a lot to learn quickly…

The next “major” issue I need to address (and haven’t yet) is to get things properly configured to either A) fix the SBS WSUS service on the system or B) disable it entirely so the Windows client systems (desktops/laptops) can self-manage updates directly.

Currently, all the domain systems don’t get updates, at all. Checking Windows Updates shows the message that “Updates are managed by system Administrator”. If you click the link below to check online for Updates, you then find like 20 GB (I slightly exaggerate) of updates available to actually bring the system current. Nice. So we have be manually checking each system and manually forcing them to pull down updates to at least get caught up. It’s a serious security issue from a patching standpoint.

I’ve collected the links below for reference, now I need to dig around on the live server to figure out just what part of it is “broken” and if it would be best to disable things altogether or try to repair it so updates flow from the server to the clients again properly. Not all of these may specifically be applicable but they seem like a good place to get to better know the lay of the land.

I would be appreciative to any good links to Windows SBS administrations resources and/or blogs that might help me get up to speed with being an effective sysadmin for SBS/Server Essential systems. Even it is down-and-dirty basic foundational stuff. Got to start somewheres!

Credits

Why this? It is the simple blog of a Last Exile fan and is intended to express the enjoyment we derive from studio Gonzo's production. Although we closely relate with those characters, we aren't them in real life. We just want to keep the memory of these incredible young kids alive. So go buy Gonzo's Last Exile DVD's!